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Risk Management Policy 

NASA Policy Directive (NPD) 1000.5 (2009) states: “/f is NASA policy to 
incorporate in the overall Agency risk management strategy a risk- 
informed acquisition process that includes the identification , analysis , 
and management of programmatic, infrastructure, technical, 
environmental, safety, cost, schedule, management, industry, and 
external policy risks that might jeopardize the success with which the 
Agency executes its acquisition strategies 

NPR 8000.4A (2009), Agency Risk Management Procedural Requirements, 
evolves NASA’s risk management (RM) approach to entail two 
complementary processes: 

- Risk-informed Decision Making (RIDM) 

• To risk-inform direction-setting decisions (e.g., space architecture decisions) 

• To risk-inform the development of credible performance requirements as part of the overall 
systems engineering process 

~ Continuous Risk Management (CRM) 

• To manage risk associated with the implementation of baseline performance requirements 




RM = RIDM + CRM 


What Improvements Are We Looking for? 
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To manage risk in a holistic and coherent manner across the Agency 

- Agency strategic goals explicitly drive RM activities at all levels 

- All risk types and their interactions are considered collectively during 
decision-making 

- Having an integrated perspective of risks when analyzing competing 
alternatives 

- Implementation of RM in the context of complex institutional relationships 
(programs, projects, centers, contractors, ...) 

To better match the stakeholder expectations and the “true” resources 
required to address the risks to achieve those expectations 

- Better comprehension of the risk that a decision-maker is accepting when 
making commitments to stakeholders 

To better establish close ties between the selected alternative and the 
requirements derived from it 

- Derivation of achievable requirements through systematic characterization 
of uncertainties 


The RM Process Begins with NASA Strategic 
Goals 



• Within NASA’s organizational hierarchy, high-level objectives (NASA Strategic Goals) flow 
down in the form of progressively more detailed performance requirements, whose 
satisfaction assures that objectives are met 

• RIDM is designed to maintain focus on strategic goals as decisions are made throughout 
the hierarchy 

• CRM is designed to manage “risks” in the context of requirements 


Risk Management 



PRs: Performance Requirements 
PMs: Performance Measures 
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Definitions of Risk and RIDM per NPR 8000.4 
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• Risk: The expression of the potential for performance shortfalls, 
which may be realized in the future, with respect to achieving 
explicitly established and stated performance requirements 

- The performance shortfalls may be related to any one or more of 
the following mission execution domains: 

• Safety 

• Technical performance 

• Cost 

• Schedule 

• RIDM: A risk-informed decision-making process that uses a diverse 
set of performance measures along with other considerations within a 
deliberative process to inform decision making 

- decisions are informed by an integrated risk perspective rather 
than being informed by a set of individual “risk” contributions 

- A decision-making process relying primarily on a narrow set of 
model-based risk metrics would be considered “risk-based” 


RIDM Process Steps 

Based on NASA/SP-201 0-576 
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Risk-Informed Decision Making 
Handbook 


Office of Safety and Mission Assurance 
NASA Headquarters 








Risk-Informed Decision Making (RIDM) 




To Requirements (Re)Baselining 



http://www.hq.nasa.gov/office/codeq/doctree/SP2010576.htm 
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RIDM Process - Part 1 

Understand Stakeholder Expectations and Derive Performance 
Measures 

• An objectives hierarchy is constructed by subdividing the top-level 
objectives into more detailed objectives, thereby clarifying the intended 
meaning. 

• At the first level of decomposition, the top-level objective is partitioned 
into the mission execution domains of Safety, Technical, Cost, and 
Schedule. 

• Within each domain, the objectives are further decomposed until 
appropriate quantifiable performance objectives are generated. 
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RIDM Process - Part 1 

Performance Measures and Performance Requirements 
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• A Performance Measure (PM) is a metric used to quantify the 
extent to which a Performance Objective is fulfilled 

- Safety (e.g., avoidance of injury, fatality, or destruction of key assets) 

• Maintain Astronaut Safety Probability of Loss of Crew (P(LOC)) 

- Technical (e.g., increase thrust or output, maximize amount of 
observational data acquired) 

• Maximize Payload Capability -> Payload Capability (kg) 

- Cost (e.g., execution within minimum cost) 

• Minimize Cost -> Cost ($) 

- Schedule (e.g., meeting milestones) 

• Minimize completion time Schedule (months) 

• The PM values imputed to the selected alternative are 
Performance Requirements 

- They essentially define “success” 

- Significant shortfalls in performance are “failures” 


RIDM Process - Part 2 

Risk Analysis of Alternatives 
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• The goal is to develop a risk analysis framework that integrates domain- 
specific performance assessments and quantifies the performance 
measures 

- Risk Analysis - probabilistic modeling of performance 


• Establishing a transparent framework that: 

- Operates on a common set of performance parameters for each alternative 

- Consistently addresses uncertainties across mission execution domains and across 
alternatives 

- Preserves correlations between performance measures 


Uncertain Conditions 


Probabilistically - Determined 
Outcomes 


Product of 

Risk 

Analysis 



Performance measures depicted fora single alternative 
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Setting Risk Analysis Framework 



• Detailed domain-specific analysis guidance is available in domain- 
specific guidance documents like the NASA Cost Estimating 
Handbook, the NASA Systems Engineering Handbook, and the NASA 
Probabilistic Risk Assessment Procedures Guide 
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RIDM Process Part 3 



Part 3 - Risk-Informed Alternative Selection 


From Part 2 
• Technical Basis for 
Deliberation (TBfD) 




Risk-Informed 
Selection Report* 



Step 5 - Develop Risk-Normalized 


Step 6 - Deliberate, Select an Alternative, 

Performance Commitments 


and Document the Decision Rationale 

• Establish risk tolerances on 


• Deliberate pros and cons of each alternative and 

the performance measures \ 

associated performance commitments 

• Establish performance 


• Identify contending alternatives (downselection) 

measure ordering 


• Select an alternative 

• Determine performance 


• Finalize the performance commitments 

commitment values 


• Document decision rationale 


Additional Risk Analysis, 
Information Gathering, 
Performance Commitment 
Revision, as Needed 



' To be defined in formal project management documentation. 
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RIDM Process - Part 3 

Risk-informed Alternative Selection 


• Performance measure probability density functions (pdfs) 
constitute the fundamental risk analysis results. 

• However, there are complicating factors for performance 
measures that are expressed as pdfs: 

- The pdfs for different alternatives may overlap, preventing a definitive 
assessment of which alternative has superior performance 



- Different pdfs may exceed imposed constraints at different percentiles, 
thereby comingling issues of performance with issues of success 


Performance Commitment 


Mean values are used in many different 
contexts to compare alternatives, but this 
approach can: 

- Produce values that are strongly influenced by 
the tail ends of the pdfs 

- Introduce significant probabilities of falling short 
of imposed constraints, even when the mean 
values meet imposed constraints 

A Performance Commitment is the level of 
performance whose probability of not 
being achieved matches the decision 
maker’s risk tolerance 

- Anchors the commitment the decision maker (DM) 
is willing to make for that performance measure 

Performance commitments support a risk- 
normalized comparison of decision 
alternatives, at a level of risk tolerance 
determined by the decision maker. 
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Deliberation of the Merits of Each Alternative in the Context 
of Performance Commitments (notional) 
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Notional Risk Tolerances: High Moderate Low 

* These are arbitrary, notional choices 
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The Continuous Risk Management Process 



• Is initiated by the results of the RIDM process: 

- The risk analysis for the selected alternative 

- An initial risk list 

• Focuses on meeting performance 

requirements 

- By managing performance margins over 
time so that associated performance 
requirements are not violated 

- By “burning down” (over time) the risk of 
violating performance requirements 

- By means of mitigation actions 
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Steps in the CRM Process 
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Summary 
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• Our ultimate goal is to manage risk in a holistic and coherent 
fashion across the Agency 

- The RIDM process is intended to risk-inform direction-setting 
decisions 

- The CRM process is intended to manage risk associated with the 
implementation of baseline performance requirements 

• Currently we are working on 

- Enhancements to the CRM process 

- Better integration of the RIDM and CRM processes 

- Better integration of institutional risk considerations into RM 
framework 
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